
Changelog History

  • v2.7.0 Changes

    December 22, 2020
    • Avoid method redefinition warnings in verbose warning mode (jeremyevans)

    • Return expired access token error message in the JWT refresh feature when using an expired token when it isn't allowed (AlexyMatskevich) (#133)

    • Allow Rodauth features to be preloaded, instead of always trying to require them (janko) (#136)

    • Use a default remember cookie path of '/', though this may cause problems with multiple Rodauth configurations on the same domain (janko) (#134)

    • Add auto_remove_recovery_codes? to the recovery_codes feature, for automatically removing the codes when disabling multifactor authentication (SilasSpet, jeremyevans) (#135)

  • v2.6.0 Changes

    November 20, 2020
    • Avoid loading features multiple times (janko) (#131)

    • Add around_rodauth method for running code around the handling of all Rodauth routes (bjeanes) (#129)

    • Fix javascript for registration of multiple webauthn keys (bjeanes) (#127)

    • Add allow_refresh_with_expired_jwt_access_token? configuration method to jwt_refresh feature, for allowing refresh with expired access token (jeremyevans)

    • Promote setup_account_verification to public API, useful for automatically sending account verification emails (jeremyevans)

  • v2.5.0 Changes

    October 22, 2020
    • Add change_login_needs_verification_notice_flash for easier translation of change_login_notice_flash when using verify_login_change (bjeanes, janko, jeremyevans) (#126)

    • Add login_return_to_requested_location_path for controlling path to use as the requested location (HoneyryderChuck, jeremyevans) (#122, #123)

  • v2.4.0 Changes

    September 21, 2020
    • Add session_key_prefix for more easily using separate session keys when using multiple configurations (janko) (#121)

    • Add password_pepper feature for appending a secret key to passwords before they are hashed, supporting secret rotation (janko) (#119)

  • v2.3.0 Changes

    August 21, 2020
    • Return an error status instead of an invalid access token when trying to refresh JWT without an access token in the jwt_refresh feature (jeremyevans)

    • Allow {create,drop}_database_authentication_functions to work with UUID keys (monorkin, janko) (#117)

    • Add rodauth.login('login_type') for logging in after setting a valid account (janko) (#114)

    • Make new refresh token available to the after_refresh_token hook by setting it in the response first (jeremyevans)

    • Make the jwt_refresh plugin call before_jwt_refresh_route hook (previously the configuration method was ignored) (AlexeyMatskevich) (#110)

    • Add login_email_regexp, login_not_valid_email_message, and log_valid_email? configuration methods (janko) (#107)

  • v2.2.0 Changes

    July 20, 2020
    • Allow removing all jwt_refresh tokens when logging out by providing a value of "all" as the token to remove (jeremyevans)

    • Allow removing specific jwt_refresh token when logging out by providing the token to remove (jeremyevans)

    • Avoid NoMethodError when checking if session is authenticated when using two factor auth, verify_account_grace_period, and email_auth (jeremyevans) (#105)

    • Reduce queries in #authenticated? and #require_authentication when using two factor authentication (janko) (#106)

    • Treat verify_account_email_resend returning false as an error in the verify_account feature (jeremyevans)

    • Fix use of password_dictionary configuration method in password_complexity feature (jeremyevans)

    • Remove unnecessary conditionals (jeremyevans)

    • Add otp_last_use to the otp feature, returning the time of last successful OTP use (jeremyevans) (#103)

  • v2.1.0 Changes

    June 09, 2020
    • Do not check CSRF tokens by default for requests using JWT (janko, jeremyevans) (#99)

    • Use new-password autocomplete value for password field when creating accounts (jeremyevans) (#98)

    • Consistently use json_response_body for all JSON responses in jwt feature (arthurmmoreira) (#97)

    • Add check_csrf configuration method to customize CSRF checking (janko) (#96)

    • Have logged_in? when using http_basic_auth feature check for basic authentication (jeremyevans) (#94)

    • Don't consider account open if in unverified grace period without password (janko) (#92)

  • v2.0.0 Changes

    May 06, 2020
    • Do not show email auth as an option for unverified accounts if using the verify_account_grace_period feature (jeremyevans) (#88)

    • Generate unlock account key outside of send_unlock_account_email, similar to other email methods (janko) (#89)

    • Default otp_drift to 30 in the otp feature (jeremyevans)

    • Add rodauth.require_http_basic_auth to http_basic_auth feature, similar to require_login (janko) (#86)

    • Rename require_http_basic_auth to require_http_basic_auth? in http_basic_auth feature (janko) (#86)

    • Change http_basic_auth feature to use rodauth.http_basic_auth for handling basic authentication, similar to rodauth.load_memory (janko) (#86)

    • Do not call already_logged_in if logged in when accessing verify_login_change page (janko) (#87)

    • HTML id attributes now use - instead of _ in recovery_codes and remember features (jeremyevans)

    • Allow *_path and *_url methods to accept a hash of query parameters (janko) (#84)

    • Use a danger button when closing accounts (janko) (#83)

    • Handle invalid form inputs in a more bootstrap compatible manner (janko) (#83)

    • Use standard vertical Bootstrap forms instead of horizontal forms in templates (janko) (#83)

    • Make templates compatible with Bootstrap 4, and still display correctly with Bootstrap 3 (janko) (#83)

    • Add check_csrf_opts and check_csrf_block for arguments to the check_csrf! call before Rodauth route dispatching (jeremyevans)

    • Add audit_logging feature, logging changes to a database table (jeremyevans)

    • Add hook_action configuration method, called after all before/after hooks (jeremyevans)

    • Enable email rate limiting by default in lockout, reset_password, and verify_account features (jeremyevans)

    • Add session_expiration_error_status method to the session_expiration feature, used for JSON requests where session has expired (jeremyevans)

    • Add domain configuration method to set an explicit domain, instead of relying on the host of the request (jeremyevans)

    • Add inactive_session_error_status to single_session feature, used for JSON requests where session is no longer active (jeremyevans)

    • Prevent use of previous JWT access tokens after refresh when using jwt_refresh and active_sessions features (jeremyevans)

    • Change default setting of jwt_check_accept? from false to true in the jwt feature (jeremyevans)

    • Automatically check CSRF tokens before calling any Rodauth route by default, allow disabling using check_csrf? false (jeremyevans)

    • Add translate(key, default_value) configuration method and have it affect all translatable content (jeremyevans)

    • Add *_page_title configuration methods for all *_view configuration methods (jeremyevans)

    • Default to using Roda's route_csrf plugin for CSRF support, with :csrf=>:rack_csrf available for using rack_csrf (jeremyevans)

    • Allow ability for user to fix an incorrect login when requesting a password reset (janko, jeremyevans) (#76)

    • Add two_factor_auth_return_to_requested_location? to support returning to original page after successful second factor authentication (janko) (#69)

    • Add login_return_to_requested_location? to support returning to original page after successful login (janko) (#69)

    • Add rodauth.require_password_authentication method to confirm_password feature (janko, jeremyevans) (#75)

    • Make remember feature no longer depend on confirm_password (janko) (#79)

    • Replace {create_account,reset_password_request,verify_account_resend}_link configuration methods with *_link_text (janko) (#77)

    • Remove remembered_session_key configuration method, no longer needed (janko) (#80)

    • Add rodauth.possible_authentication_methods for the available authentication methods for the account (jeremyevans)

    • Add active_sessions feature for disabling session reuse after logout, and allowing global logout of all sessions (jeremyevans)

    • Add webauthn_verify_account feature for passwordless WebAuthn setup during account verification (jeremyevans)

    • Allow confirm_password feature to operate as second factor authentication if using webauthn login (jeremyevans)

    • Add webauthn_login feature for passwordless login via WebAuthn (jeremyevans)

    • Do not allow two factor authentication using same type as primary authentication (jeremyevans)

    • Do not require passwords by default if the account does not have a password (jeremyevans)

    • Remove clear_remembered_session_key and two_factor_session_key configuration methods, no longer needed (jeremyevans)

    • Store authentication methods used in the session, available via rodauth.authenticated_by (jeremyevans)

    • Do not require login confirmation by default if verifying accounts or login changes (jeremyevans)

    • Add mark_input_fields_with_inputmode? and inputmode_for_field? configuration methods for controlling inputmode (jeremyevans)

    • Support and enable inputmode=numeric attributes by default for otp auth code and sms code fields (jeremyevans)

    • Add sms_phone_input_type and default to tel instead of using text for SMS phone input (jeremyevans)

    • Add mark_input_fields_with_autocomplete? and autocomplete_for_field? configuration methods for controlling autocomplete (jeremyevans)

    • Support and enable autocomplete attributes by default for fields (jeremyevans)

    • Add login_uses_email? configuration method for whether to treat logins as email addresses (jeremyevans)

    • Remove the verify change login feature, users should switch to the verify login change feature (jeremyevans)

    • Change default setting of json_response_success_key to success in the jwt feature (jeremyevans)

    • Remove deprecated account_model configuration method (jeremyevans)

    • Remove all deprecated configuration and runtime method aliases in the lockout, verify_account, email_auth, reset_password, and verify_login_change features (jeremyevans)

    • Remove deprecated before_otp_authentication_route configuration method (jeremyevans)

    • Change default setting of login_input_type to email if login_column is :email (jeremyevans)

    • Change default setting of mark_input_fields_as_required? to true (jeremyevans)

    • Change default setting of verify_account_set_password? in verify_account feature to true (jeremyevans)

    • Change default setting of json_response_custom_error_status? in jwt feature to true (jeremyevans)

    • Add auto_add_recovery_codes? configuration method to recovery codes feature, and default to false (jeremyevans)

    • Add base_url configuration method to set an explicit base for URLs, instead of relying on the base_url of the request (jeremyevans)

    • Add webauthn feature to handle WebAuthn authentication (jeremyevans)

    • Fix corner cases when disabling a second factor when multiple second factors have been set up (jeremyevans)

    • Don't override second factor used to authenticate when setting up additional second factor authentication (jeremyevans)

    • Add two factor auth, manage, and disable pages (jeremyevans)

    • Drop support for Ruby 1.8 (jeremyevans)

  • v1.23.0 Changes

    March 06, 2020
    • Remove specs from the gem to reduce gem size by over 20% (jeremyevans)

    • Make rodauth.authenticated? return true on OTP setup page (jeremyevans) (#68)

    • Display link to email auth request form when user has entered login and incorrect password if using email_auth feature (janko) (#65)

    • Add *_path and *_url methods for all *_route methods (janko) (#64)

    • Add send_email configuration method for configuring how email is sent (janko) (#63)

  • v1.22.0 Changes

    October 29, 2019
    • Add jwt_cors feature to handle Cross-Origin Resource Sharing when using the jwt feature (jeremyevans)

    • Add space before newline after links in email, fixing issues with some webmail providers with broken autolinkers (jeremyevans)